This tutorial is awesome. After learning from it, I found a way to reproduce the FS patch.
Following the Switch-Ghidra-Guides, we can set up hactool and Ghidra.
With hactool, we can find which NCA file is for fat32 (with title ID 0100000000000819) using a bash one-liner:
Bash:
for f in firmware/*; do if hactool --disablekeywarns -t nca "$f" | grep -q 0100000000000819; then echo "$f"; fi; done
Then we get the code file:
Code:
hactool --intype=nca --romfsdir=romfs firmware/2151dbc5cfb38fb3353a15d91456533f.nca
hactool --intype=pk21 --ini1dir=romfs/nx/ini1 romfs/nx/package2
hactool --intype=kip1 --uncompressed=uncompressed_fat32.kip1 romfs/nx/ini1/FS.kip1
Load it in Ghidra. First we use File -> Export Program to dump the whole decompiled C code to a file.
Then we search for "0x234c02" in the C code and get the following part.
C:
if ((uVar10 & 1) == 0) {
    uVar11 = 0x234c02;
    uVar12 = 0x39e9ae0a190b16f2;
}
0x234c02 is for the error code 2002-4518, which means "nca header signature verification failed".
In the C code file, we find which function this part is in and open it in Ghidra.
Select the "if" line in the C function, and we will find the corresponding "tbz" instruction.
What we want to do is just "nop" it. That's what sys-patch has done.
(More hints: for the ES patch search for 0x291 (error code 2145-0001), and for the NIFM patch search for "ctest.cdn".)